Difference between revisions of "Stealth"

From Free Software Directory
Jump to: navigation, search
(Created page with "{{Entry |Name=stealth |Short description=a File Integrity scanner |Full description=The STEALTH program performs File Integrity Checks on (remote) clients. It differs from ot...")
 
(No difference)

Latest revision as of 04:56, 21 December 2019

[edit]

stealth

https://fbb-git.gitlab.io/stealth/
a File Integrity scanner

The STEALTH program performs File Integrity Checks on (remote) clients. It differs from other File Integrity Checkers by not requiring baseline integrity data to be kept on either write-only media or in the client's file system. In fact, clients will hardly contain any indication suggesting that they are being monitored, thus improving the stealthiness of the integrity scans.

STEALTH uses standard available software to perform file integrity checks (like find(1) and sha1sum(1)). Using individualized policy files, it is highly adaptable to the specific characteristics of its clients.

In production environments STEALTH should be run from an isolated computer (called the `STEALTH monitor'). In optimal configurations the STEALTH monitor should be a computer not accepting incoming connections. The account used to connect to its clients does not have to be `root'; usually read-access to the client's file system is enough to perform a full integrity check. Instead of using `root' a more restrictive administrative or ordinary account might offer all necessary requirements for the desired integrity check.

STEALTH itself must communicate with the computers it should monitor. It is essential that this communication is secure. STEALTH configurations therefore normally specify SSH as the command-shell to use for connecting to clients. STEALTH may be configured so as to use but one SSH connection per client, even if integrity scans are to be performed repeatedly. Apart from this, the STEALTH monitor is commonly allowed to send e-mail to remote client systems' maintainers.

STEALTH-runs itself may start randomly within specified intervals. The resulting unpredicability of STEALTH-runs further increases STEALTH's stealthiness.

STEALTH's acronym is expanded to `Ssh-based Trust Enforcement Acquired through a Locally Trusted Host': the client's trust is enforced, the locally trusted host is the STEALTH monitor.


To create the program from its sources, either descend into the stealth directory, or unpack a created archive, cd into its top-level directory and follow the instructions provided in the INSTALL file found there.

Alternatively, binary ready-to-install versions of stealth are available in verious Linux distributions, in particular Debian. See, e.g., https://packages.debian.org/search?keywords=stealth&searchon=names&suite=all&section=all

Gitlab's web-pages for stealth are here: https://fbb-git.gitlab.io/stealth/





Licensing

Leaders and contributors

Resources and communication

Software prerequisites



Entry




Property "Submitted by" (as page type) with input value "{{{Submitted by}}}" contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.
"{{{Submitted date}}}" contains an extrinsic dash or other characters that are invalid for a date interpretation.









Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.

The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.